Slashdot Mirror


Kaminsky Offers Injection Antidote

ancientribe passes along this excerpt from DarkReading.com: "Life's too short to defend broken code. That's the reason renowned researcher Dan Kaminsky says he came up with a brand-new way to prevent pervasive SQL injection, cross-site scripting, and other injection-type flaws in software — a framework that lets developers continue to write code the way they always have, but with a tool that helps prevent them from inadvertently leaving these flaws in their apps. The tool, which he released today for input from the development and security community, basically takes the security responsibility off the shoulders of developers. Putting the onus on them hasn't worked well thus far, he says. Kaminsky's new tool is part of his new startup, Recursive Ventures."

4 of 244 comments

  1. Frist slastiversement by Hognoxious · Score: 0, Offtopic

    Begone, vile shill!

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  2. How is it different from what other frameworks do? by youn · Score: -1, Offtopic

    Don't really know this particular framework... but a lot of them offer some sort of XSS & SQL injection protection... how is it groundbreaking?

    --
    Never anthropomorphize computers, they do not like that :p
  3. Re:productize? by Rogerborg · Score: -1, Offtopic

    Theory: "productize" is one of the keywords that the kdawson editard script uses to find likely Slashvertisements.

    --
    If you were blocking sigs, you wouldn't have to read this.
  4. Re:productize? by DNS-and-BIND · Score: 1, Offtopic

    What on Earth makes you think a random commenter on Slashdot would have "met Dan" before? Is meeting the author a prerequisite to comment now? I just said marketroid speak turns me off and based on my previous experiences has a very high potential for being bullshit. Or did you just want to show off how cool you are in front of everyone..."oh yes Dan and I have met and we're on a first-name basis! Look at me and respect me! Remember the utterly forgettable handle I use on this website and quake when I write, for it is with the voice of Oz himself that I speak! Lo, I have met the author of an article on slashdot. Look on my words, ye mighty, and despair!"

    --
    Shutting down free speech with violence isn't fighting fascism. It IS fascism!